1517655 – PCP SELinux AVCs

Bug 1517655 - PCP SELinux AVCs

Summary: PCP SELinux AVCs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pcp
Sub Component:
Version:	27
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Berk
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-11-27 08:07 UTC by Marko Myllynen
Modified:	2018-02-27 17:21 UTC (History)
CC List:	6 users (show)
Fixed In Version:	pcp-4.0.0-2.fc26 pcp-4.0.0-2.fc27
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-27 16:56:08 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Marko Myllynen 2017-11-27 08:07:48 UTC

Description of problem:
type=AVC msg=audit(1511769743.078:132): avc:  denied  { map } for  pid=2017 comm="hostname" path="/usr/bin/hostname" dev="dm-0" ino=212338 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1511769743.143:135): avc:  denied  { execute_no_trans } for  pid=2089 comm="pmie_check" path="/usr/bin/pmie" dev="dm-0" ino=425394 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:pcp_pmie_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1511769748.729:181): avc:  denied  { execute_no_trans } for  pid=6268 comm="pmlogger_check" path="/usr/bin/pmlogger" dev="dm-0" ino=425402 scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:object_r:pcp_pmlogger_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1511769791.837:226): avc:  denied  { getattr } for  pid=1582 comm="pmdaproc" path="/dev/gpmctl" dev="devtmpfs" ino=68642 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:gpmctl_t:s0 tclass=sock_file permissive=1

Version-Release number of selected component (if applicable):
pcp-3.12.2-1.fc27.x86_64
pcp-selinux-3.12.2-1.fc27.x86_64
selinux-policy-targeted-3.13.1-283.16.fc27.noarch

How reproducible:
Always

Steps to Reproduce:
1. setenforce 0
2. systemctl restart pmcd pmlogger pmie
3. pminfo -f

Comment 1 Lukas Berk 2017-11-27 21:56:58 UTC

Fixes in the following commits in my tree, will make it into upstream master soon.
commit b4e4d9c409081810b684944b62f54435078faa69
Author: Lukas Berk <lberk>
Date:   Mon Nov 27 15:55:19 2017 -0500

    selinux: rhbz1517655 add missing file:map access
    
    Added a single missing class capability for file's accessing maps
    adjust qa and configure scripts accordingly to check

commit 8dbdae14f11df0e8817a9a532fb3c37fc9a51c6a
Author: Lukas Berk <lberk>
Date:   Mon Nov 27 11:16:00 2017 -0500

    selinux: RHBZ1517656
    
    Add three type enforcement context allowance lines
    update qa, config bits for conditional context

Comment 2 Fedora Update System 2018-02-16 16:14:40 UTC

pcp-4.0.0-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1a78dc89ec

Comment 3 Fedora Update System 2018-02-16 16:38:14 UTC

pcp-4.0.0-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5d50796a5d

Comment 4 Fedora Update System 2018-02-19 21:40:41 UTC

pcp-4.0.0-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-84c14418ef

Comment 5 Fedora Update System 2018-02-19 21:41:24 UTC

pcp-4.0.0-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e29ed8f6d

Comment 6 Fedora Update System 2018-02-20 17:50:02 UTC

pcp-4.0.0-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e29ed8f6d

Comment 7 Fedora Update System 2018-02-20 18:18:28 UTC

pcp-4.0.0-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-84c14418ef

Comment 8 Fedora Update System 2018-02-27 16:56:08 UTC

pcp-4.0.0-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2018-02-27 17:21:11 UTC

pcp-4.0.0-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.